Abstract
This paper describes a straightforward methodology for mounting a specific kind of single-trace attack, the collision attack. We first introduce the methodology (which operates at the algorithmic level) and then provide empirical evidence of its soundness by locating the points of interest involved in all existing collisions and attacking an unmasked RSA implementation whose modular exponentiation is based on the Montgomery Ladder. The attacks we performed, albeit slightly worse than the theoretical prediction, are very encouraging nonetheless: the whole secret exponent can be retrieved (i.e., a success rate of 100%) using only 10 traces. Lastly, we describe how this could allow high-order attacks, which are known to break some protected implementations of symmetric cryptography, to be introduced in the context of asymmetric cryptography.
Notes
- 1.
Their leakage assessment works for their specific target only.
- 2.
As it turns out, symmetric and asymmetric cryptography behave differently in this respect. In the symmetric case, the confusion introduced by the likes of S-Boxes makes collisions probabilistic. In the RSA case, collisions happen with probability equal to either 0 or 1, meaning that the value of the part of the secret being processed directly determines whether there is a collision. Theoretically, a single execution of the modular exponentiation is therefore enough to recover the whole exponent.
- 3.
Other internal variables have been suggested as well, yet in the end, it all boils down to finding whether the input message is involved in certain operations.
- 4.
Although it is not mentioned in the paper, their technique can be extended to the Montgomery Ladder using their forward estimation method. This amounts to comparing, for a pair chosen according to the guideline they provide, the squaring performed in the first iteration that processes the input message (the corresponding bit is equal to 1) with the one carried out for the bit which is currently unknown. As in the paper, the estimation of a given exponent bit requires that all the preceding ones be known; therefore an error at index j propagates to all the following indices.
- 5.
However, we acknowledge that, unlike the OTA, our methodology is not portable. In fact, in collision attacks at least (to which the OTA belongs to some extent), there seems to be a balance to strike between portability and the cost of profiling. The authors of [2] appear to have prioritized portability by making the template-building phase “online”, so each attack requires its own profiling phase. We have chosen to proceed differently: our attack is not portable, but profiling needs to be done only once. Consequently, the more keys an attacker targets for a given (board, software) pair, the better our methodology fares with respect to the OTA, which requires one template per scalar bit every time.
- 6.
The authors report using 5000 traces yet do not provide any success rate.
- 7.
For instance, we claim that our contribution, which comprises only two steps and does not require any error correction, is somewhat simpler. Moreover, in addition to the vulnerability mentioned there, we describe another one which happens in the processing of a single bit.
- 8.
This is especially so for the STM32F407 board used in this paper, which is arguably noisier than other platforms commonly targeted, such as the ChipWhisperer.
- 9.
This sum is assumed to be equal to zero when it is empty.
- 10.
Our mathematical derivation is a reformulation of the one available in the original paper.
- 11.
Therefore, at the beginning of each iteration of the loop, the following is always true: \(R_1=g\cdot R_0\).
- 12.
Countermeasures which shuffle the order of the operations do not remove the first-order vulnerabilities since the collisions still exist. An attacker who is able to detect \(\gamma _s\) and \(\gamma _t\) irrespective of their position in the trace may proceed as previously described. As such, these are not taken into consideration here.
- 13.
Changes between the two possible values for \(d_j\) have been highlighted in .
- 14.
This could, in turn, render the usual ‘randomization’ countermeasures ineffective against high-order collision attacks. This latter point will be expanded on in a future paper. For the time being, only exponent blinding can prevent the attacks analyzed in this paper.
- 15.
If it is a destination, then it has just changed. This runs counter to Definition 2.
- 16.
Same justification as before, since both \(R_0\) and \(R_1\) get overwritten in an iteration of the loop.
- 17.
The span of a given instant in the executions covers about 3 samples, which is less than a CPU cycle.
- 18.
During an attack, the values such models depend on are unknown, so NICV cannot be used; it is applicable only in the profiling phase, not in the exploitation phase.
- 19.
The timing diagrams indicate that \(g^{2\cdot 0}=1\) should be discussed as well. However, since it is a constant, it is not possible to analyze the variations of the corresponding samples in the traces. As a consequence, we discarded it.
- 20.
In fact, since the two variables (\(R_0\), \(R_1\)) are processed one at a time by the hardware, there is an offset (a few cycles) between the sets of peaks related to the two numerical models. The peaks will always be distinct.
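The following Python simulation is an added illustration of Notes 2 and 11 and is not the authors' code: it runs the Montgomery ladder of Appendix A at the algorithmic level, checks the invariant \(R_1 = g\cdot R_0\) at every iteration, and recovers the exponent from a single execution using the one deterministic collision any ladder iteration exposes (the squaring shares exactly one operand with the multiplication \(R_0\cdot R_1\), and which register it is equals \(d_j\)). The paper's own points of interest (\(\gamma_s\), \(\gamma_t\)) are not reproduced; the only leakage assumed is a collision oracle that tells whether two operations in one trace took the same operand value. The toy RSA parameters are constructed for the example. The last part shows why Note 14 singles out exponent blinding: with \(d' = d + r\,\varphi(n)\) the ladder still computes the right result but the trace leaks \(d'\), not \(d\).

```python
"""Added example: algorithmic simulation of the Montgomery ladder and of the
deterministic operand collision it leaks.  Not the authors' implementation; the
paper's points of interest (gamma_s, gamma_t) are not reproduced.  Assumed
leakage: a collision oracle on operand values within one trace."""

from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Op:
    kind: str                  # "mul" (R0*R1) or "sqr" (R_{d_j}^2)
    operands: Tuple[int, int]  # operand values as fed to the multiplier
    out: int


def montgomery_ladder(g: int, d: int, n: int,
                      trace: Optional[List[Op]] = None) -> int:
    """Left-to-right Montgomery ladder computing g**d mod n (d > 0).

    Each modular multiplication is appended to `trace`, standing in for the
    power samples an attacker would record.  The assertion is the invariant of
    Note 11: R1 = g*R0 at the start of every iteration.
    """
    r0, r1 = 1, g % n
    for j in range(d.bit_length() - 1, -1, -1):
        assert r1 == (g * r0) % n
        bit = (d >> j) & 1
        x = r1 if bit else r0            # the register that gets squared
        prod = (r0 * r1) % n
        sq = (x * x) % n
        if trace is not None:
            trace.append(Op("mul", (r0, r1), prod))
            trace.append(Op("sqr", (x, x), sq))
        # d_j = 0: R1 <- R0*R1, R0 <- R0^2 ;  d_j = 1: R0 <- R0*R1, R1 <- R1^2
        r0, r1 = (prod, sq) if bit else (sq, prod)
    return r0


def recover_exponent(trace: List[Op]) -> int:
    """Single-trace collision attack at the algorithmic level.

    In iteration j the squaring shares exactly one operand with R0*R1.
    Whether that operand is R0 or R1 *is* d_j, so the collision occurs with
    probability 0 or 1 (Note 2) and one execution yields the whole exponent,
    leading 1 included.
    """
    bits = []
    for mul, sqr in zip(trace[0::2], trace[1::2]):
        r0, r1 = mul.operands
        x = sqr.operands[0]
        if x == r0 and x != r1:
            bits.append("0")
        elif x == r1 and x != r0:
            bits.append("1")
        else:
            raise ValueError("ambiguous collision: R0 == R1 (degenerate base)")
    return int("".join(bits), 2)


def attack(g: int, d: int, n: int) -> int:
    """Run one exponentiation, capture its trace, recover the exponent."""
    trace: List[Op] = []
    montgomery_ladder(g, d, n, trace)
    return recover_exponent(trace)


# Constructed toy RSA parameters (textbook-sized, illustration only).
P, Q = 61, 53
N = P * Q                    # 3233
PHI = (P - 1) * (Q - 1)      # 3120
E, D = 17, 2753              # E*D = 1 mod PHI
CIPHERTEXT = pow(65, E, N)   # 2790, the value the private exponentiation processes

if __name__ == "__main__":
    assert montgomery_ladder(CIPHERTEXT, D, N) == 65
    print("unprotected: recovered d  =", attack(CIPHERTEXT, D, N))
    # Exponent blinding (Note 14): d' = d + r*phi(n) gives the same result,
    # but the trace now leaks d', which changes from one execution to the next.
    d_blind = D + 7 * PHI
    print("blinded:     recovered d' =", attack(CIPHERTEXT, d_blind, N))
```

The recovery needs no error correction and no knowledge of preceding bits, in line with Note 7; a shuffling countermeasure (Note 12) would permute the entries of `trace` but leave the colliding operand values in place.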
References
Aldaya, A.C., García, C.P., Tapia, L.M.A., Brumley, B.B.: Cache-timing attacks on RSA key generation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(4), 213–242 (2019). https://doi.org/10.13154/tches.v2019.i4.213-242
Batina, L., Chmielewski, L., Papachristodoulou, L., Schwabe, P., Tunstall, M.: Online template attacks. J. Cryptogr. Eng. 9, 21–36 (2017). https://doi.org/10.1007/s13389-017-0171-8
Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal and vertical side-channel attacks against secure RSA implementations. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 1–17. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36095-4_1
Benadjila, R., Prouff, E., Strullu, R., Cagli, E., Dumas, C.: Deep learning for side-channel analysis and introduction to ASCAD database. J. Cryptogr. Eng. 10(2), 163–188 (2020). https://doi.org/10.1007/s13389-019-00220-8
Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: NICV: normalized inter-class variance for detection of side-channel leakage. In: EMC, Tokyo, Japan (2014). https://hal.telecom-paris.fr/hal-02412040
Bruneau, N., Carlet, C., Guilley, S., Heuser, A., Prouff, E., Rioul, O.: Stochastic collision attack. IEEE Trans. Inf. Forensics Secur. 12(9), 2090–2104 (2017). https://doi.org/10.1109/TIFS.2017.2697401
Carbone, M., et al.: Deep learning to evaluate secure RSA implementations. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 132–161 (2019). https://doi.org/10.13154/tches.v2019.i2.132-161
Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 46–61. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17650-0_5
Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_25
Dupaquis, V., Venelli, A.: Redundant modular reduction algorithms. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 102–114. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-27257-8_7
Fouque, P.A., Valette, F.: The doubling attack – why upwards is better than downwards. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45238-6_22
Hanley, N., Kim, H.S., Tunstall, M.: Exploiting collisions in addition chain-based exponentiation algorithms using a single trace. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 431–448. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_23
Heyszl, J., Ibing, A., Mangard, S., De Santis, F., Sigl, G.: Clustering algorithms for non-profiled single-execution attacks on exponentiations. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 79–93. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08302-5_6
Homma, N., Miyamoto, A., Aoki, T., Satoh, A., Shamir, A.: Collision-based power analysis of modular exponentiation using chosen-message pairs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 15–29. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85053-3_2
Jajodia, S., van Tilborg, H.C.: Encyclopedia of Cryptography and Security. Springer, New York (2011). https://doi.org/10.1007/978-1-4419-5906-5
Joye, M., Yen, S.-M.: The Montgomery powering ladder. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_22
Knuth, D.E.: The Art of Computer Programming, Volume 2: Seminumerical Algorithms. Addison-Wesley (1981)
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9
Micheli, G.D., Heninger, N.: Recovering cryptographic keys from partial information, by example. Cryptology ePrint Archive, Paper 2020/1506 (2020). https://eprint.iacr.org/2020/1506
Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243–264 (1987). https://doi.org/10.1090/S0025-5718-1987-0866113-7
Moradi, A., Mischke, O., Paar, C., Li, Y., Ohta, K., Sakiyama, K.: On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 292–311. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_20
Nascimento, E., Chmielewski, Ł.: Applying horizontal clustering side-channel attacks on embedded ECC implementations. In: Eisenbarth, T., Teglia, Y. (eds.) CARDIS 2017. LNCS, vol. 10728, pp. 213–231. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-75208-2_13
Nascimento, E., Chmielewski, Ł., Oswald, D., Schwabe, P.: Attacking embedded ECC implementations through cmov side channels. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 99–119. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_6
Perin, G., Chmielewski, L., Batina, L., Picek, S.: Keep it unsupervised: horizontal attacks meet deep learning. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(1), 343–372 (2020). https://doi.org/10.46586/tches.v2021.i1.343-372
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978). https://doi.org/10.1145/359340.359342
Schindler, W., Wiemers, A.: Power attacks in the presence of exponent blinding. J. Cryptogr. Eng. 4, 213–236 (2014). https://doi.org/10.1007/s13389-014-0081-y
Scott, M.: MIRACL Core Cryptographic Library (2019). https://github.com/miracl/core
Waddle, J., Wagner, D.: Towards efficient second-order power analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_1
Walter, C.D.: Sliding windows succumbs to Big Mac attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 286–299. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_24
Witteman, M.F., van Woudenberg, J.G.J., Menarini, F.: Defeating RSA multiply-always and message blinding countermeasures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 77–88. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_6
Yen, S.-M., Ko, L.-C., Moon, S.J., Ha, J.C.: Relative doubling attack against Montgomery ladder. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 117–128. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727_11
Acknowledgements
This work has been funded by the French Ministry of Armed Forces through its Agence de l’Innovation de la Défense.
Appendices
A The Montgomery Ladder
B Observing Collisions Involving \(g^2\)
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Varillon, A., Sauvage, L., Danger, JL. (2024). High-Order Collision Attack Vulnerabilities in Montgomery Ladder Implementations of RSA. In: Regazzoni, F., Mazumdar, B., Parameswaran, S. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2023. Lecture Notes in Computer Science, vol 14412. Springer, Cham. https://doi.org/10.1007/978-3-031-51583-5_9
DOI: https://doi.org/10.1007/978-3-031-51583-5_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51582-8
Online ISBN: 978-3-031-51583-5